Wednesday, September 6, 2017

Do you practice safe hex?

from here

There is a school of thought that says a certain kind of browsing is responsible for a great deal of the nastiness people found on their computers, and part of safe hex involved avoiding unsafe sites or at least doing something to mitigate the threat.

But do people even know the term "safe hex" anymore? It was big in the 90's, but it seems like the security community has opted (foolishly in my opinion) for the "users should just be invisibly protected without having to know anything" model so nobody talks about safe hex anymore. Frankly, if people can't be automatically protected from something as simple as biological viruses, I'm not sure how we can expect that kind of protection against intelligent adversaries.

On the other hand, I'm not even sure what constitutes safe hex now. The computing landscape has become so fragmented, it's difficult to keep up with what the best practices are for this platform or that technology, and the more things that get computers put into them the worse that is going to get.